Confidentiality is the protection of personal information. Confidentiality means keeping a client’s information between you and the client, and not telling others including co-workers, friends, family, etc.

Examples of maintaining confidentiality include:

The types of information that is considered confidential can include:

Other information relating to ethic or racial origin, political opinions, religious or philosophical beliefs, health or sexual lifestyle should also be considered confidential.

Adult clients have the right to determine what information they consider personal and confidential.

There is, however, no such thing as absolute confidentiality in the community services industry. Workers are required to keep notes on all interactions with clients and often to keep statistics about who is seen and what issues are addressed. As a worker, there will be times when you could be faced with some personal difficulties regarding confidentiality. You need to give your client an assurance that what is said will be in confidence (that it will stay secret between you and the client) because, unless you are able to do that, the client is unlikely to be open with you. However, you also need to be aware of the limits to the confidentiality that you are offering. There are several instances where total confidentiality is either impossible, undesirable or illegal. These include:

It is always good practice to tell clients at the beginning of your contact with them that whatever they tell you is confidential except in the above circumstances.

When writing up case notes you need to be careful about what you include and how you write this information up. Always remember that clients have the right to see files and read anything that has been written about them.

When working with other professionals it is good practice to obtain the written consent of the client before exchanging information.

If you are going to be discussing a client and their situation in supervision, in a training session or at a workshop, you can always change the name and any information that may identify the client. Other workers in these situations are also bound by the same ethical and legal requirements relating to confidentiality that you are.

Confidentiality also extends to things like:

Importance of confidentiality

Confidentiality is important for several reasons. One of the most important elements of confidentiality is that it helps to build and develop trust. It potentially allows for the free flow of information between the client and worker and acknowledges that a client’s personal life and all the issues and problems that they have belong to them.

One of the major purposes for obtaining a client’s consent before speaking to a third party (such as another agency or a family member/carer) is to protect the confidentiality and privacy of the client. Informed consent (obtaining personal information with the formal permission of the client or a person who has the legal authority to provide permission on behalf of the client) is considered essential in maintaining the privacy of the client.

It is important to keep your clients’ business as just that – their business. You should only discuss matters relating to your clients’ business with co-workers, and then only what needs to be discussed. Discussions should take place in the workplace and not be audible to other members of staff or the general public. You should never discuss clients’ business with family or friends.

Respect for client confidentiality and staff personal information should be a high priority for all community services to comply with legislation that governs disclosure of information. In this regard all organisations need to have policies and procedures that provide guidelines for workers. Appropriate worker behaviour can also be incorporated in a code of conduct.

To ensure confidentiality, workers should only access confidential information for work that is covered by their job description and the policies and procedures of the organisation. They should only disclose information to other parties where a client (or co-worker in relation to their personal information) has consented to the release of the information or where disclosure is required or mandated by legislation due to indications of risk of harm. Further workers need to ensure that any information that is collected is securely stored and disposed of.

Activity: Importance of confidentiality



Confidentiality agreement

All health facilities including aged care facilities take a very serious view of failure to observe confidentiality as it constitutes a breach of the patient's privacy. This places both the facility and the individual concerned at risk of legal action and its consequences and may constitute grounds for dismissal. When you begin working in an organisation regardless of whether it is residential or community based, you may be required to sign a confidentiality agreement. This statement means that it is absolutely essential to treat any personal details of medical, social or family history of a patient and any other information pertaining to the aged care facility and its operation as strictly confidential.

Activity: Limits of confidentiality

Kevin is a 36-year old man who has a lengthy history of heroin use. He has been staying at the rehab that you work at for the past week. He has been at the rehab on two previous occasions, the last time he spent several months going through the program and seemed to have been progressing well. He left to move into a halfway house and relapsed. During his last stay you formed a close working relationship in which he was able to discuss his thoughts and feelings openly and with some degree of honesty.

During a chat in the garden, as you were working together yesterday, Kevin made the comment that ‘life wasn’t worth living’, that ‘it was all too much’ and ‘I’m shit, just a junkie. No one will miss me’.

When you tried to gently challenge this thinking, Kevin became evasive, and would not assure you that he was OK. This behaviour is very uncharacteristic, in fact, you could not remember him ever speaking like this before and you are genuinely concerned for his safety.



Client consent

If you are planning to make a referral to a worker from another agency or they contact you to request information, you must get the client’s permission to share their personal information. Clients are often requested to sign an agreement that information will be shared where necessary. It is important that clients understand what they are signing and the reason that information needs to be disclosed to another worker. If you don’t have a good reason, then don’t share the information!

Activity: Case study

Aidan Smith, aged 15 years, has been attending your youth centre for the past few months. Initially, he experienced a lot of difficulty ‘fitting in’ with the kids at the centre. His parents had separated just prior to him coming along to the group and he had a lot of anger initially, lashing out at staff and other kids in frustration.

Aidan has received a lot of support from the youth workers and his inappropriate expression of his feelings is now under control. Aidan is in Year 9 at high school and is moving out of your area to live with his grandmother. His mother has remarried and Aidan doesn’t want to live with his step-dad. His academic ability is very poor. Aidan showed you his latest school report.



Legislation governing confidentiality

All workers need to be aware that there are State and Federal laws that cover confidentiality. The following Acts relate to privacy and confidentiality of clients:

Health Administration Act 1982

This Act covers any information that is provided or recorded within the health system. Basically, information cannot be disclosed, without the consent of the person to whom the information relates or for the purpose of legal proceedings, such as a court order or subpoena that allows access to health information on a client.

The Public Health Act 1999

This Act also relates to disclosure of information without consent. The most important confidentiality provision of this Act is the part that deals specifically with HIV/AIDS related information. Under this Act, this means two things:

The Public Health Act allows for the disclosure of information relating to a person’s HIV status where the failure to provide the information could place the health of the public at risk. This disclosure provision is limited and allows notification to the Director-General of the Health Department. It does not authorise disclosure to any other person.

Health Records and Information Privacy Act 2002

This Act is designed to protect the privacy of an individual’s health information, enable individuals to gain access to their health information and provide an accessible framework for resolution of complaints regarding the handling of health information

Privacy and Personal Information Protection Act 1998 (NSW)

This Act consists of internationally accepted privacy principles dealing separately with collection, storage, use and disclosure of personal information. One of the key principles relates to accessibility of information, stipulating that agencies must allow access to a client’s personal information without reasonable delay and expense, when it is requested.

Personal information includes information kept on the records of the clients, personal details shared with you by the client and/or others, or medical information if the client has been referred to your service by a doctor. There are numerous sources of possible private information including written communication coming from other agencies.

Crimes Act 1900 (NSW)

There is an obligation for people who have information about serious criminal offences to notify the police. A serious criminal offence is an offence that attracts a penalty of five years imprisonment or more. Health workers should be aware that this covers offences such as drug trafficking, serious assaults, sexual assaults, murder and manslaughter. It does not include minor possession offences or any offences under public health legislation.

NSW legislation is available at:

Commonwealth legislation is available at:


You are a worker in a crisis care team. One day you are chatting to one of the residents (Danny). He tells you he can take care of himself and that one day he knifed a guy who wouldn’t hand over his wallet. The guy wasn’t badly hurt and the police never found out it was Danny who did it. Danny notices the look on your face and says ‘You won’t tell anyone will you? I told you cause I trusted you.’



Exceptions to the general rule of confidentiality

There are few exceptions to the general rule of confidentiality, and they all have legal bases. These include:

In the case where legal obligations override a client’s right to keep information private and confidential, a community service organisation has the responsibility to inform the client and explain in a way that they can understand, the limits of confidentiality. Information may also be sought through a subpoena for court proceedings.

For example, in the case where a client may have been abused by a disability support worker, the police and court can request information from the community service organisation, without the client’s consent. A subpoena can be challenged if it seems unreasonable of the information requested is unnecessary for the case.

Case study: Julian

Julian, a client who has lived with three foster families, has finally been placed with a supported accommodation home. He has had some behaviour problems in the past, but since arriving at the new home he has been very happy. The new home has a very large file on Julian that contains information on his foster families, previous bank accounts, medication charts and behaviour management programs. Most of the information is so old that it is not needed or useful to the staff at the new home.

Julian needs to go to hospital to have a small operation on his hand, which was injured in a gardening accident. When Julian was booked into hospital the staff at the house put some information on Julian in a small file, which included current medication and any assistance he would require like mealtime assistance. The administrations department said they could not book Julian in until they had a complete copy of his file.

The manager of the service wrote a letter to the hospital explained that they were not able to release any information unless:

•it was to benefit the service the client was going to receive

•the information was needed to ensure that the client was not on any medication that would effect the operation

•the client gave permission for the information to be released

•the information was only used for the intended purposes.

The manager explained that most of the information was not relevant to Julian going into hospital and that they would not be giving the hospital any more of his history.

Guidelines for information requests

Here are some general guidelines about requests for information. Note that confidentiality doesn’t just relate to client information, but also to information requested about the service.

Requests for information about clients

All workers who have a counselling role or work face-to-face with clients are ethically obliged to keep information about a client confidential except in the cases listed in the section Exceptions to the general rule of confidentiality.

It is always good practice to tell clients at the beginning of your contact with them that whatever they tell you is confidential. This means that you if you do have to act to keep them safe, it is not a shock to them.

Requests for information about services provided

If service providers or members of the public request information about the services offered by an organisation, it is important to have clear guidelines about which staff members are responsible for giving out information, either in person, at a meeting or on the phone. The clearer the guidelines, the more efficient, reliable and consistent the organisation will be. Some organisations have an intake system, whereby a staff member is on duty to take all requests, while others delegate more responsibility to administrative staff.

Collecting information from a client

If you need to ask for personal information from a client you need to tell them:

You also need to ask your client ask about who it is OK to give the information to, e.g. the police, other agencies, a doctor?

All records must be protected against unauthorised access, and not be shared with any person, except those for whom the information has been gathered. Information can only be shared with the client’s written permission or unless legislation allows, for example, with a police request.

Release of information

Workers need to be aware of their own personal practice when talking on the telephone to clients, their family and workers from other organisations. Before providing any information to a client you need to ensure the client’s identity. This may be done by asking for their date of birth, address or a client number as provided by the organisation.

Information can only be provided to family and other workers (except where there a legislative requirement based on indicators of risk harm) when the client has given ‘informed consent'. Clients also have the right to deny the release of information and this must be respected.

All clients have rights, and their confidentiality must be respected. Unless it involves a disclosure of something that leads you to believe they are at risk of harm, don’t share their information with others.

Guidelines for releasing client information

If confidential information has to be released, clients must understand what the information is needed for, before giving their consent.

A community service organisation or disability support worker cannot disclose personal information to another person, disability support worker, body or community service organisation unless:

If a community service organisation needs to release confidential information about a client who is unable to give informed consent, the service should ensure:

It is important to check with your individual clients as to what information they consider private and confidential. Some things like what they had for dinner would be private for some clients, where others would not consider that type of information private.


It’s Friday. You are a worker at a youth drop-in centre and a journalist calls at 2 pm and asks if they can photograph the youth group tonight so it can be used in Saturday’s paper. You are keen to get publicity but you need to think about the rights of your clients in this situation. The coordinator is away.



Breaches of confidentiality

All community service organisations have a responsibility to keep client or service-user information private and confidential. In some circumstances, clients can take legal action against a worker or an organisation under the law of negligence. We owe a duty of care to our clients to prevent any risk of harm.

Most agencies have policies and procedures relating to privacy and confidentiality which identify the rights of clients and responsibilities of workers. Often workers are asked to sign a confidentiality agreement when they begin working for an organisation. By signing this agreement workers are stating that they will respect and uphold the organisation’s policies and procedures and ensure that client information is not disclosed without the client’s informed consent. This is a legally binding document that clearly states a worker’s obligation to treat all client information confidentiality.

If a worker breaks client confidentiality they are seen to have breached (If something is breached it has been violated or broken) the policies of the organisation and, as a result, he or she may be dismissed from their position—that is, sacked! This may also open the worker to legal action from a client.

If you, as a worker, notice that another worker seems to be breaching client confidentiality you should:

  1. See if they have the client’s permission to share the information (you can either ask the worker or check in the client’s file).
  2. Check to see what the agency’s policy is regarding breaches of confidentiality and follow the procedures outlined.
  3. If there isn’t a policy, and if you feel comfortable enough, approach the worker and express your concern.
  4. Talk with your supervisor and tell them what you have observed or overheard and express your concerns.
  5. Ask that all staff receive training in confidentiality, why it is important and how to maintain it.

Breaching procedures

All agencies should have guidelines and procedures to store and maintain client information and they should have policies on what should happen if these guidelines and procedures are breached.

Becoming aware that a fellow staff member is breaking confidentiality can create a dilemma for a worker. Should the worker ignore it and hope that it doesn’t happen again? Should they talk to the staff member concerned or mention it to a supervisor and perhaps cause the worker to be sacked?

There is a range of specific circumstances where a worker will be excused from breaching confidentiality, where he or she discloses information to protect the public. Some of these exemptions are established through statue and others through judicial interpretation of the law.

Where a worker becomes aware, in the course of managing a client, that a risk to public safety exists, he or she will be excused from breaching confidentiality where he or she discloses information about this risk in order to protect the public. This includes instances where there is a risk to a particular individual.

In circumstances where a worker considers that a client represents a risk to the public, they should carefully assess the level of risk before acting. It is a really good idea to discuss the situation with your supervisor.

Activity: Dealing with breaches of confidentiality

Peta Roberts is a worker at the Hillsvale Community Centre and shares an office with Vanessa Sullivan. Peta hears Vanessa talking to a colleague who works in another agency about a client of this service.

Vanessa is discussing intimate details of the case that Peta knows the client has not given permission to be released to other workers outside of the centre.

This is not the first time Peta has heard Vanessa disclose confidential client information. When Peta has tried to talk with Vanessa about her concerns, Vanessa has told her that it is no big deal.

Hillsvale has a policy on confidentiality that states that all workers are to uphold the client’s right to a confidential service. The policy also states that that no client information is to be disclosed to other persons outside of the agency without the expressed written permission of the client. The only exception may be in the event that the client tells the worker information of a legal nature that is by law reportable eg child sexual abuse.



Confidentiality and duty of care

Confidentiality applies to all information that a client or colleague tells you verbally or gives you in writing. It also applies to things that you learn through observation. All information in a person’s health care record is confidential and may not be disclosed without permission from the client or their guardian.

Confidentiality is a critical aspect of your duty of care.

Remember that all clients have the same rights as everyone else in the community, regardless of whether they have a drug and alcohol problem, a mental illness, or a physical or intellectual disability. Their confidentiality must be respected. This includes difficult clients and clients with dementia. Unless you believe a client is at risk of serious harm, don’t share the client’s personal information with others. Respect their right to privacy.

Only the client has the right to decide who to share their personal information with.

Every service organisation should have a confidentiality policy. This policy will usually include an agreement, signed by workers and volunteers to uphold client confidentiality, and an authority, signed by the client, allowing you to discuss their personal information with specified others, but only in order to provide an effective service.

Consequently, you may be able to disclose aspects of the client’s health care record including disclosing their personal information, but only if you get their permission first.

Get permission in writing. Do not get ‘blanket’ approval. Blanket approval is where the client gives general approval for anyone at the organisation to disclose any information about them. Get approval for specific information to be shared, specify who you will share it with, and why you need to do so. Keep a record of who had access to the information and for what purpose. Most agencies get this permission when the client first comes to the organisation.

Written personal information must be carefully protected. Files need to be stored safely and protected from unauthorised access.

Clients need to know how they can get access to their information. They may need to apply for this under the Freedom of Information Act, but usually community service organisations have agency policies that allow clients direct access to information about themselves.

Community Services need to have a range of policies and procedure in place to ensure that workers comply with legislation and maintain a duty of care to not place clients at risk of harm. These may include:


Mick is evicted from your crisis accommodation service for violent behaviour towards other residents. He says ‘Stuff you, I’ll just ring the other refuge across town’. One of the workers says ‘We’d better ring the other refuge and warn them what he is like.’ Another worker says you can’t do that because it would be a breach of confidentiality.



Confidentiality and privacy

What is the difference between confidentiality and privacy?

Privacy is more often taken to mean ‘the right to be left alone’. The term privacy usually attaches to individuals. Confidentiality is a much broader concept. Information may be confidential that is not personal.

Legally, organisations do not have privacy rights — individuals do. In community services personal information may become subject to confidentiality procedures and policies but that will not affect the rights of the individual who is the owner of that information. Information about an individual may be given to others for legitimate purposes under ethical standards of confidentiality. Privacy is an obligation to the individual who is the owner of the information and applies regardless of who is providing the information.

Privacy principles

The NSW Privacy Committee Data Protection Principles outline the privacy principles that all NSW community services organisations must follow. These guidelines are to protect client rights and ensure that only essential information about the client is collected.

  1. Collect information directly from the client, except if:
    1. the client agrees otherwise
    2. the other information source also follows these principles.
  2. Make sure the client knows whether it is compulsory or optional to give the information.
  3. Make sure the client knows the purpose for collecting the information.
  4. Make sure the client knows who you usually pass information on to (and who they usually pass it on to).
  5. Make sure the client can look at and correct their information (unless the law stops this), and the client knows this right.
  6. Make sure the information is actually needed for your purpose.
  7. Limit your use of the information to:
    1. the purpose you collected it for
    2. other purposes with the client’s consent
    3. preventing harm to the client or someone else.
  8. Make sure the information is accurate, up-to-date and complete.
  9. Make sure the information is protected from unauthorised access.
  10. Make sure the information is kept for no longer than necessary for the purpose it was collected for.
  11. Make sure that the information is only used or disclosed with the freely given, clear written consent of the client if the information concerns their:
    1. ethnic or racial origin
    2. political opinions
    3. religious or philosophical beliefs
    4. trade union membership
    5. health
    6. sexual life.

You can get more information from Lawlink NSW:


Penny: ‘John, I’m not feeling well and I need you to do my roster tomorrow. The first clients will be Harry and Amy McDonald. I have observed signs of physical abuse of Amy so I have reported it to Snezana who will be following up immediately. If the police arrive, give them my notes. I’ve left all my files on my desk. The next clients, Fran and Stan Townsend, are new, they haven’t completed any paperwork yet. Just get all their details and pass them on to me to follow up next week. I hear they have a pretty active sexual life so make sure you knock loudly! The last client will be May, she has recently had a break in so you should knock loudly at her house as well and tell her who it is. May’s diabetic, make sure you check to see if she’s been eating. Ring her son afterwards and let him know how she’s going.’

John: OK, I’ll document what I do and we can discuss any issues when you come back to work.



Referrals and confidentiality

Respecting and ensuring confidentiality and privacy of client information is a critical principle of the community services industry (CSI).

As well as maintaining confidentiality within the agency, it is essential to ensure that client privacy is protected when liaising with external agencies.

Services should ensure with all referrals, that appropriate and accurate information is provided. The only information that needs to be shared is basic contact details for the client, the reason for the referral, the extent and nature of your involvement with the client and your role in the future.

This means sticking to facts and keeping your opinion and any judgemental comments to a minimum. Let the worker meet the client and form his or her own relationship without influencing the worker’s perception by your own experience or opinion.

Always remember, that under Freedom of Information legislation, clients are within their rights to request to see their client file. Any written correspondence in relation to the client is kept in this file. So, if you have written a referral letter for a client that you would not want them to see, think about why. Have you stated something that is making a judgement on the client (such as ‘the client is unmotivated’)? Have you referred to some aspect of your involvement with the client that you have not discussed with the client (such as ‘the client didn’t get on with other clients while in our service’)? It is much more appropriate to share the client’s perception of their difficulties with other workers, than your own opinion (which could be deemed biased).

The golden rule is, wherever possible, work in close partnership with your client, initiate the referral together and agree on what information needs to be shared.

However, another important consideration in sharing information is not withholding information that the service should know, if they are to fulfil their duty of care to the client and other clients within the service. For instance, if your client has a violent background (they may have been charged by Police), and you are referring them to an accommodation service, then the service has a right to know that information. This is for the safety of other clients in the service. Similarly, if your client has a mental illness, the service may need to know so they can ensure the client receives adequate care and access to a specialist service if required.

Client permission must be gained (preferably in writing) before sharing information. It is a good idea to discuss with the client what you are going to talk about with the other agency. Also, be sure that the client understands the policy and criteria of the service to which they are being referred.


A disability support worker is assisting a client, who has cerebral palsy to join a swimming class run by the local council. When the disability support worker put in the enrolment form, the swimming instructor said they needed to read the client’s file, just in case there is something they need to know before the client could be considered for the class.

  1. What do you need to do before you give the instructor any information?
  2. On what grounds should the instructor see the information?
  3. What questions would you ask the instructor?



Discussing information

Authorised staff may discuss only matters relevant to their own function and responsibility with other authorised staff or with other entitled persons in the course of resident care. Under no circumstances are carers to discuss individual clients or their circumstance with other clients, family members or friends. In practical terms, this means that information regarding residents may only be discussed at the following times and with the relevant people:

Patient records are to be read only by staff who are directly involved in the care of the resident

If you have any doubts or are placed in a situation of uncertainty, discuss them with your Supervisor. Client confidentiality and privacy are to be maintained at all times.

Here are some tips to help you maintain confidentiality in the workplace:

Confidentiality and security

There is no such thing as absolute confidentiality in our industry—especially when it comes to recording information about client contact or observations about clients. We are required to keep notes of our interactions with clients and often to keep statistics about who we see and what issues are addressed. There may be people authorised in your organisation, or working in other services that are authorised to see information about clients. As well, it is every client’s right to see the information recorded about them if they wish to do so. It is not; however, any client’s right to see information recorded about another person.

Confidentiality also extends to things like names and addresses of clients, consumers or residents, telephone numbers and addresses of staff and volunteers, names and personal details of people who donate money or time, details of funding agreements, and information about the organisation’s strategic planning. Therefore, workers must not disclose any information about other workers or people involved in the agency to anyone.

It follows that it is essential that all information and documents that are confidential are kept secure. Upholding confidentiality and security involves keeping information and documents in a place that can’t be easily accessed by non-authorised people.

Storage of records

All community service organisations need to ensure that all records are correctly stored in line with legal requirements. Record storage must be secured in a place where there is no possibility that they could be damaged. The storage system must be easily accessed by authorised workers.

Secure spaces are:

Store case notes, case management plans and files in filing cabinets and remember to lock filing cabinets when leaving the office.

Ways of maintaining confidentiality are to:

Destruction of records

Most records are kept for as long as they are in use by the organisation or for the length of time that the client receives a service. In some cases legislation requires the archiving of client files for 7 years and each organisation needs to be familiar with the legislation as it applies to their service and client group. Any confidential information must be shredded before it is sent for recycling.


Answer True or False


Confidentiality means not leaving your observation notes lying around.


Answer True or False


If the police ask you, you must show them any records you have?


Answer True or False


Family members have an automatic right to see the client’s records.


Answer True or False


You can store records in the drawer of your desk if the room is locked at night.



Back to top